24 matches found

Cvelist
added 2026/05/27 6:53 p.m., 42 views

CVE-2026-45108 Himmelblau: Authentication Bypass via Cross-User Local Session Impersonation in Device Authorization Grant (DAG) Flow

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 2.0.0 to before 3.1.5 and 2.3.11, Himmelblau contained an authentication bypass vulnerability in the Device Authorization Grant (DAG) flow that allowed a user within the same Entra ID domain to obtain a local Unix...

CVSS 8.4, EPSS 0.00246
Exploits: 0, References: 1
EUVD
added 2026/05/22 10:4 p.m., 9 views

EUVD-2026-31522

Origin validation error in Microsoft Entra ID allows an unauthorized attacker to elevate privileges over a network...

CVSS 10, AI score 5.8, EPSS 0.00301
Exploits: 0, References: 1
Positive Technologies
added 2026/05/12 12:0 a.m., 18 views

PT-2026-40252

linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entra ID. Prior to 1.8.1, platform/chrome/js/platform-chrome.js:69-88 registers a single declarativeNetRequest rule whose urlFilter is Platform.SSO URL + "/", i.e. "https://login.microsoftonline.com/". Chrome's urlFilter without a ...

CVSS 5.3, AI score 5.8, EPSS 0.00234
Exploits: 0, References: 2
Microsoft Secure
added 2026/05/07 4:0 p.m., 11 views

World Passkey Day: Advancing passwordless authentication

World Passkey Day is a chance to reflect on progress toward a shared goal: reducing our reliance on passwords and other phishable authentication methods by accelerating passkey adoption. As cyberattacks become more automated and AI-powered, each account is only as secure as its weakest credential...

AI score 5.9
Exploits: 0
Cvelist
added 2026/04/29 1:31 p.m., 37 views

CVE-2026-42525

Jenkins Microsoft Entra ID (previously Azure AD) Plugin 666.v6060de32f87d and earlier does not restrict the redirect URL after login, allowing attackers to perform phishing attacks...

EPSS 0.00212
Exploits: 0, References: 1
EUVD
added 2026/04/29 1:31 p.m., 11 views

EUVD-2026-26227

Jenkins Microsoft Entra ID (previously Azure AD) Plugin 666.v6060de32f87d and earlier does not restrict the redirect URL after login, allowing attackers to perform phishing attacks...

CVSS 4.3, AI score 5.2, EPSS 0.00212
Exploits: 0, References: 1
Positive Technologies
added 2026/04/29 12:0 a.m., 8 views

PT-2026-35919

Name of the Vulnerable Software and Affected Versions: Jenkins Microsoft Entra ID (previously Azure AD) Plugin versions prior to 666.v6060de32f87d. Description: The plugin does not restrict the redirect URL after login, which allows attackers to perform phishing attacks. Recommendations: Update the...

CVSS 4.3, AI score 5.8, EPSS 0.00212
Exploits: 0, References: 7
Vulnrichment
added 2026/04/23 9:37 p.m., 3 views

CVE-2026-35431 Microsoft Entra ID Entitlement Management Spoofing Vulnerability

...

CVSS 10, AI score 5.1, EPSS 0.00511
Exploits: 0, References: 1
Microsoft CVE
added 2026/04/23 2:0 p.m., 10 views

Microsoft Entra ID Entitlement Management Spoofing Vulnerability

Server-side request forgery (SSRF) in Microsoft Entra ID Entitlement Management allows an unauthorized attacker to perform spoofing over a network...

CVSS 10, AI score 5.8, EPSS 0.00511
Exploits: 0
EUVD
added 2026/04/01 5:25 p.m., 4 views

EUVD-2026-17983

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From versions 2.0.0-alpha to before 2.3.9 and 3.0.0-alpha to before 3.1.1, there is a conditional local privilege escalation vulnerability in an edge-case naming collision. Only authenticated himmelblau users whose...

CVSS 6.3, AI score 5.8, EPSS 0.00158
Exploits: 1, References: 3
NCSC
added 2026/03/10 8:15 p.m., 13 views

Vulnerabilities fixed in Microsoft Azure

Microsoft has fixed vulnerabilities in several Azure components. A malicious party could exploit the vulnerabilities to impersonate another user, grant themselves elevated privileges or gain access to sensitive data. Azure Entra ID: ...

CVSS 8.8, AI score 5.8, EPSS 0.01046
Exploits: 0
RedhatCVE
added 2026/03/05 1:57 a.m., 4 views

CVE-2026-3224

Authentication bypass in the Microsoft Entra ID (Azure AD) authentication mode in Devolutions Server 2025.3.15.0 and earlier allows an unauthenticated user to authenticate as an arbitrary Entra ID user via a forged JSON Web Token (JWT)...

CVSS 9.8, AI score 6, EPSS 0.00506
Exploits: 0, References: 1
RedhatCVE
added 2026/02/06 1:26 a.m., 4 views

CVE-2026-0948

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Microsoft Entra ID SSO Login allows Privilege Escalation. This issue affects Microsoft Entra ID SSO Login: from 0.0.0 before 1.0.4...

CVSS 6.5, AI score 5.3, EPSS 0.002
Exploits: 0, References: 1
EUVD
added 2026/02/04 8:26 p.m., 7 views

EUVD-2026-5338

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Microsoft Entra ID SSO Login allows Privilege Escalation. This issue affects Microsoft Entra ID SSO Login: from 0.0.0 before 1.0.4...

CVSS 6.5, AI score 5.3, EPSS 0.002
Exploits: 0, References: 1
CNNVD
added 2026/02/04 12:0 a.m., 6 views

Drupal Microsoft Entra ID SSO Login Security Vulnerability

Drupal Microsoft Entra ID SSO Login is a single-sign-on integration module provided by the Drupal company in collaboration with Microsoft. Versions of Drupal Microsoft Entra ID SSO Login prior to 1.0.4 contained security vulnerabilities. These vulnerabilities stemmed from the use of alternative...

CVSS 6.5, AI score 5.8, EPSS 0.002
Exploits: 0, References: 2
Positive Technologies
added 2026/01/22 12:0 a.m., 9 views

PT-2026-4311

Name of the Vulnerable Software and Affected Versions: Azure Entra ID (affected versions not specified). Description: An elevation of privilege issue exists in Azure Entra ID. Successful exploitation could allow unauthorized access. Recommendations: At the moment, there is no information about a newer...

CVSS 9.8, AI score 5.3, EPSS 0.00497
Exploits: 0, References: 9
Wiz blog
added 2025/11/27 4:27 p.m., 7 views

3 OAuth TTPs Seen This Month — and How to Detect Them with Entra ID Logs

How OAuth tokens, JWT fields and Entra sign-in logs reveal attacker behavior, and how to turn those signals into reliable detections...

AI score 6.9
Exploits: 0
Tenable Nessus
added 2025/10/28 12:0 a.m., 8 views

Microsoft Endpoint Configuration Manager (CVE-2025-59501)

The Microsoft Endpoint Configuration Manager application installed on the remote host is missing a security hotfix documented in the vendor advisory. It is, therefore, affected by an elevation of privilege vulnerability. An attacker could exploit this vulnerability by modifying the user principal...

CVSS 4.8, AI score 5.9, EPSS 0.03063
Exploits: 0, References: 4
RedhatCVE
added 2025/10/10 9:27 p.m., 4 views

CVE-2025-59218

Azure Entra ID Elevation of Privilege Vulnerability...

CVSS 9.6, AI score 7, EPSS 0.00601
Exploits: 0, References: 1
CNNVD
added 2025/10/09 12:0 a.m., 4 views

Microsoft Entra ID Access Control Error Vulnerability

Microsoft Entra ID is a cloud-based identity and management solution from Microsoft Corporation USA. An access control error vulnerability exists in Microsoft Entra ID that stems from an elevation of privilege vulnerability...

CVSS 9.6, AI score 8.9, EPSS 0.00601
Exploits: 0, References: 1